The world of cryptography moves at a slow but steady pace. New cryptographic standards must be vetted over many years, and threats to existing standards must be judged on decades-long timelines, because migrating to a new standard is itself a multi-year journey. Quantum computing is the major threat looming on the horizon. A sufficiently large, fault-tolerant quantum computer running Shor’s algorithm would break today’s public-key (asymmetric) cryptography, RSA and elliptic-curve schemes included. Grover’s algorithm gives only a quadratic speed-up against symmetric ciphers and hash functions, which amounts to halving the effective key length, so doubling symmetric key sizes (AES-256 rather than AES-128) is considered an adequate response. The question the same crypto experts are trying to answer is not whether this will happen, but when.
Today’s public-key algorithms rest on mathematical problems such as factoring large integers (RSA) and computing discrete logarithms (Diffie-Hellman, DSA and elliptic-curve cryptography). On a fault-tolerant quantum computer, Shor’s algorithm solves both problems in polynomial time, so a factorization that is infeasible on classical hardware could in theory be completed in a matter of hours. The same algorithm breaks the schemes based on the difficulty of the discrete logarithm problem.
The terms used to describe these new, more durable standards are “quantum-safe”, “quantum-secure” and “post-quantum” cryptography. The challenge is that we don’t know exactly when fault-tolerant quantum computers will be powerful enough to consistently break the encryption standards now in widespread use. There is also the “harvest now, decrypt later” concern: some parties could capture and store encrypted data today and decrypt it once suitably capable quantum computers exist. Even if the data is more than ten years old by then, it could still contain relevant confidential information. Think government secrets, financial and securities records and transactions, health records, or private or classified communications between public and/or government figures.
The US Department of Commerce’s National Institute of Standards and Technology (NIST) believes it is possible that RSA-2048 could be broken by 2035. Other US government agencies and other security-minded entities have similar timelines. Instead of waiting until the last minute to upgrade security, NIST launched its post-quantum cryptography standardization process in 2016. After several rounds of review, on July 5, 2022, NIST selected four algorithms for standardization: CRYSTALS-Kyber for key establishment, and CRYSTALS-Dilithium, FALCON and SPHINCS+ for digital signatures. IBM researchers co-developed three of them.
IBM’s new crypto algorithms are built on a family of mathematical problems over structured (module) lattices. Their security rests on the learning-with-errors (LWE) and short-integer-solution (SIS) problems: given a public matrix A and a vector b = A·s + e (mod q), recover the small secret s when the small error term e, the “displacement”, is also unknown. Solving for the two unknowns reduces to finding an unusually short vector in a lattice, the shortest vector problem (SVP), or an unusually close one, the closest vector problem (CVP), and no efficient quantum algorithm is known for either. Each candidate is evaluated not only for security but also for performance: key sizes, signature sizes and CPU overhead cannot be too high for widespread use.
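To make the “matrix times secret plus small displacement” structure concrete, here is an added toy example (my own illustration, not IBM’s code and not CRYSTALS-Kyber) of Regev-style LWE public-key encryption in Python. The parameters Q, N and M are chosen to keep the arithmetic readable and are far too small to be secure; the seed and the all-zero “wrong guess” are constructed for the demonstration.

```python
"""Toy learning-with-errors (LWE) public-key encryption, in the style of
Regev's scheme, to show the "matrix times secret plus small displacement"
structure behind lattice cryptography.  Constructed illustration only:
this is NOT CRYSTALS-Kyber and the parameters are far too small to be
secure; they are chosen so the arithmetic is easy to follow."""
import random

Q = 3329   # modulus (Kyber's value, borrowed here only for familiarity)
N = 16     # secret dimension (toy size; real schemes use hundreds)
M = 64     # number of LWE samples published in the key


def _dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q


def keygen(rng):
    """Return (public_key, secret_key) where pk = (A, b) and b = A*s + e mod Q."""
    s = [rng.randint(-1, 1) for _ in range(N)]            # small secret
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.randint(-2, 2) for _ in range(M)]            # small error: the "displacement"
    b = [(_dot(row, s) + ei) % Q for row, ei in zip(A, e)]
    return (A, b), s


def encrypt(pk, bit, rng):
    """Combine a random subset of the public samples; hide the bit at Q/2."""
    A, b = pk
    r = [rng.randint(0, 1) for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return u, v


def decrypt(sk, ct):
    """v - <u, s> = <r, e> + bit*Q/2 (mod Q); |<r, e>| <= 2*M < Q/4, so round."""
    u, v = ct
    d = (v - _dot(u, sk)) % Q
    return 1 if Q // 4 < d < 3 * Q // 4 else 0


def residual(pk, s_guess):
    """Largest |b - A*s_guess| (centred mod Q).  Only the true secret makes it
    tiny; finding such an s_guess from (A, b) alone is the LWE problem."""
    A, b = pk
    worst = 0
    for row, bi in zip(A, b):
        rem = (bi - _dot(row, s_guess)) % Q
        if rem > Q // 2:
            rem -= Q
        worst = max(worst, abs(rem))
    return worst


def roundtrip(seed=1, trials=64):
    """Generate a key, then encrypt and decrypt `trials` random bits.
    Returns (all_correct, residual_with_true_secret, residual_with_zero_guess)."""
    rng = random.Random(seed)          # fixed seed so the run is reproducible
    pk, sk = keygen(rng)
    ok = all(decrypt(sk, encrypt(pk, bit, rng)) == bit
             for bit in (rng.randint(0, 1) for _ in range(trials)))
    return ok, residual(pk, sk), residual(pk, [0] * N)


if __name__ == "__main__":
    print(roundtrip())
```

The decryption works because the holder of s can strip A·s out of the ciphertext and is left with only the small noise plus the message; anyone else sees b as essentially uniform, which is what `residual` with the wrong guess shows. Real schemes replace the plain matrix with polynomial-ring modules (the “structured” part) to shrink keys and speed up the arithmetic.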
Final choices are expected in 2024, but there’s still a chance there could be changes before the final standards are released.
IBM Supports Quantum-Safe Cryptography on New z16 Mainframes
IBM made a strategic bet before the final NIST selections. The recently released IBM z16 mainframes already support two of the final four candidates: the CRYSTALS-Kyber key-encapsulation mechanism and the CRYSTALS-Dilithium digital signature algorithm. IBM plans to work with industry to deploy these algorithms in production systems, initially using its tape storage systems as a test platform; because tape is often used for cold storage, it is a natural medium for long-term data protection. IBM is working with its customer base to find the right way to bring quantum-safe encryption to market, and this should be approached as a life-cycle transformation, not a one-time replacement. To that end, IBM is working with customers on crypto-agile solutions, in which the algorithm in use can be changed at any time without disrupting the entire system: the algorithm is decoupled from the rest of the software stack behind a stable interface, so new algorithms can be introduced, and old ones retired, seamlessly. IBM is also developing tools that make the state of encryption part of overall observability, with a dashboard for viewing cryptographic events and similar information.
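As an added illustration of the crypto-agility pattern described above (my own example, not IBM’s code or product), the following Python keeps the algorithm implementations in a registry separate from the callers and stamps every protected record with an algorithm identifier, so an algorithm can be deprecated and stored records migrated without touching the application logic. Standard-library HMACs stand in for real signature schemes so it runs offline; the algorithm IDs, keys and the “ledger entry” payload are constructed for the example.

```python
"""Crypto-agile envelope: every protected record carries an algorithm id,
and algorithms live in a registry that callers never hard-code.
Constructed example; HMAC-SHA256 and HMAC-SHA3-256 stand in for real
(e.g. classical and post-quantum) signature schemes so this runs with
only the standard library."""
import hashlib
import hmac
import struct

HEADER = struct.Struct(">HI")   # alg_id (uint16) || payload length (uint32)


class AlgorithmRegistry:
    """Maps algorithm ids to implementations.  Ids are never reused, so a
    record written years ago still says unambiguously how it was protected."""

    def __init__(self):
        self._impl = {}          # alg_id -> (name, hash constructor)
        self._deprecated = set()

    def register(self, alg_id, name, digest):
        if alg_id in self._impl:
            raise ValueError("algorithm id already assigned")
        self._impl[alg_id] = (name, digest)

    def deprecate(self, alg_id):
        self._deprecated.add(alg_id)

    def is_deprecated(self, alg_id):
        return alg_id in self._deprecated

    def tag(self, alg_id, key, data):
        name, digest = self._impl[alg_id]   # KeyError for an unknown id
        return hmac.new(key, data, digest).digest()


def protect(reg, alg_id, keys, payload):
    """Envelope = header || payload || tag.  New data may not use a
    deprecated algorithm; old data is still readable (see verify)."""
    if reg.is_deprecated(alg_id):
        raise ValueError("refusing to protect new data with a deprecated algorithm")
    body = HEADER.pack(alg_id, len(payload)) + payload
    return body + reg.tag(alg_id, keys[alg_id], body)   # one key per algorithm


def verify(reg, keys, envelope):
    """Return (payload, alg_id, needs_migration) or raise ValueError."""
    if len(envelope) < HEADER.size:
        raise ValueError("truncated envelope")
    alg_id, length = HEADER.unpack_from(envelope)
    body = envelope[:HEADER.size + length]
    tag = envelope[HEADER.size + length:]
    try:
        expected = reg.tag(alg_id, keys[alg_id], body)
    except KeyError:
        raise ValueError("unknown algorithm id or no key for it: %d" % alg_id)
    if not hmac.compare_digest(tag, expected):     # constant-time compare
        raise ValueError("integrity check failed")
    return body[HEADER.size:], alg_id, reg.is_deprecated(alg_id)


def migrate(reg, keys, envelope, new_alg_id):
    """Check a stored record under its original algorithm, then re-protect
    it under a newer one.  This is the life-cycle step, not a rip-and-replace."""
    payload, _, _ = verify(reg, keys, envelope)
    return protect(reg, new_alg_id, keys, payload)


def build_demo_registry():
    """Constructed registry and keys for the demonstration."""
    reg = AlgorithmRegistry()
    reg.register(1, "hmac-sha256", hashlib.sha256)      # stand-in for "old" algorithm
    reg.register(2, "hmac-sha3-256", hashlib.sha3_256)  # stand-in for "new" algorithm
    keys = {1: b"k" * 32, 2: b"K" * 32}                 # never share a key across algorithms
    return reg, keys


def demo():
    """Returns (old_record_flagged_for_migration, alg_id_after_migration)."""
    reg, keys = build_demo_registry()
    record = protect(reg, 1, keys, b"ledger entry #42")   # constructed payload
    reg.deprecate(1)                                      # policy change, no code change
    _, _, stale = verify(reg, keys, record)               # old data still verifies
    upgraded = migrate(reg, keys, record, 2)              # ...and is re-protected
    return stale, verify(reg, keys, upgraded)[1]


if __name__ == "__main__":
    print(demo())
```

The properties worth noting are that deprecation is a policy change in the registry rather than a code change in every caller, that old records remain verifiable (but flagged) until migrated, and that the envelope records which algorithm protected it, which is exactly the inventory information a cryptography-observability dashboard needs.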
These new algorithms must be deployable on existing computing platforms, including at the edge. However, it will not be possible to upgrade every system, so the migration will likely be an industry-wide effort that requires industry consortia. For example, IBM, the GSM Association (GSMA) and Vodafone recently announced that they will work through a GSMA working group to define a process for implementing quantum-safe technologies in critical telecommunications infrastructure, including the networks that support internet access and public utility management. The telecommunications network carries financial data, health information, public sector infrastructure systems and sensitive business data that must be protected as it traverses global networks.
What’s Next for Quantum Safe Algorithms
Fault-tolerant quantum computing is coming. When it will be available is still a guessing game, but the organizations that care most about data security are aiming to have quantum-safe cryptography deployed by 2035 to deal with the threat. That is not good enough on its own. Critical data and infrastructure need protection earlier than that, considering how long systems stay deployed in the field and how long data is stored. Systems such as satellites and power plants are not easy to update in situ.
And there is data that must be stored securely for future retrieval, including health records covered by HIPAA, tax records, Toxic Substances Control Act records, clinical trial data and more.
Even after these new algorithms are standardized, this is not the end: there may still be developments that break even next-generation quantum-safe algorithms, as happened to the isogeny-based candidate SIKE, which was broken with classical computation in 2022 shortly after NIST advanced it to the fourth round. The battle between those who want to keep systems and data secure and those who want to break them continues, which is why companies should build crypto-agility into their security plans.
Tirias Research tracks and advises companies across the electronics ecosystem, from semiconductors to systems and sensors to the cloud. Members of the Tirias Research team have consulted with IBM and other companies across the Security, AI and Quantum ecosystems.